{"id":336,"date":"2021-08-31T14:39:28","date_gmt":"2021-08-31T14:39:28","guid":{"rendered":"https:\/\/fde.cat\/?p=336"},"modified":"2021-08-31T14:39:28","modified_gmt":"2021-08-31T14:39:28","slug":"sre-weekly-issue-280","status":"publish","type":"post","link":"https:\/\/fde.cat\/index.php\/2021\/08\/31\/sre-weekly-issue-280\/","title":{"rendered":"SRE Weekly Issue #280"},"content":{"rendered":"

View on sreweekly.com<\/a><\/p>\n

\n

A message from our sponsor, StackHawk:<\/h2>\n

DataRobot is using StackHawk to automate API security testing and to scale AppSec across their dev team. Learn more about all they\u2019re up to:
\nhttps:\/\/sthwk.com\/DataRobot<\/a><\/p>\n<\/div>\n

Articles<\/h2>\n
\n
The Harmful Consequences of the Robustness Principle <\/a><\/div>\n
\n

The Robustness Principle (\u201cbe conservative in what you send, and liberal in what you accept\u201d) has its uses, but it may not be best for the development of mature protocols, according to this IETF draft.<\/p>\n

Martin Thomson<\/p>\n<\/div>\n<\/div>\n

\n
No, we don\u2019t use Kubernetes<\/a><\/div>\n
\n

Docker without Kubernetes, does it make sense? These folks have a well-reasoned argument explaining why Kubernetes is not for them.<\/p>\n

Maik Zumstrull \u2014 Ably<\/p>\n<\/div>\n<\/div>\n

\n
Personal data breach reporting for service outages (such as when your CDN is down)<\/a><\/div>\n
\n

Can a service outage unrelated to security count as a \u201cpersonal data breach\u201d in terms of GDPR and other regulations? If you agree with this article\u2019s logic, then maybe it can.<\/p>\n

Neil Brown<\/p>\n<\/div>\n<\/div>\n

\n
When You Do DevSecOps, Don\u2019t Forget the SREs<\/a><\/div>\n
\n

The interactions between security and reliability incidents can be complex and hard to navigate. The example scenarios in this article really made me think.<\/p>\n

Quentin Rousseau \u2014 Rootly<\/p>\n<\/div>\n<\/div>\n

\n
Solving the Three Stooges Problem<\/a><\/div>\n
\n

To deal with thundering herds, reddit implements caching in front of each of its microservices.<\/p>\n

Raj Shah \u2014 reddit<\/p>\n<\/div>\n<\/div>\n

\n
What\u2019s allowed to count as a cause?<\/a><\/div>\n
\n

Incident causes are a social construct, and it may be that your organizational structure prevents something from being counted as a cause.<\/p>\n

Lorin Hochstein<\/p>\n<\/div>\n<\/div>\n

\n
IC1 Reliability Engineer \u2013 Dropbox Engineering Career Framework<\/a><\/div>\n
\n

Check it out, Dropbox publicly released their SRE career ladder.<\/p>\n

Dropbox<\/p>\n<\/div>\n<\/div>\n

\n
Incidents, Response, and the People With Tim Nicholas<\/a><\/div>\n
\n

There\u2019s a moment halfway through this episode of Page It to the Limit where they talk about blamelessness. If you just tell people to \u201cdo blameless postmortems\u201d, but you don\u2019t tell them how, then they\u2019ll be afraid to talk about anything people did, and that will hamper learning.<\/p>\n

Julie Gunderson, with guestTim Nicholas \u2014 Page It to the Limit<\/p>\n<\/div>\n<\/div>\n

\n
Migrating Facebook to MySQL 8.0<\/a><\/div>\n
\n

This was a monumental task, considering the 1000+(!!) internal code patches they had to port from MySQL 5.6 to 8.0.<\/p>\n

Herman Lee, Pradeep Nayak \u2014 Facebook<\/p>\n<\/div>\n<\/div>\n

Outages<\/h2>\n

Akamai<\/a><\/p>\n

Akamai had what they\u2019re calling an \u201cEdge DNS Service Incident\u201d. It made headlines this week because it took down many of their customers, similar to the Akamai incident last month.<\/p>\n

Let\u2019s Encrypt<\/a>
\nDisney park-related apps<\/a>
\nHeroku<\/a>
\nSRE WEEKLY<\/p>\n","protected":false},"excerpt":{"rendered":"

View on sreweekly.com A message from our sponsor, StackHawk: DataRobot is using StackHawk to automate API security testing and to scale AppSec across their dev team. Learn more about all they\u2019re up to: https:\/\/sthwk.com\/DataRobot Articles The Harmful Consequences of the Robustness Principle The Robustness Principle (\u201cbe conservative in what you send, and liberal in what… Continue reading SRE Weekly Issue #280<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[8],"tags":[],"class_list":["post-336","post","type-post","status-publish","format-standard","hentry","category-sre","entry"],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":463,"url":"https:\/\/fde.cat\/index.php\/2021\/09\/20\/sre-weekly-issue-287\/","url_meta":{"origin":336,"position":0},"title":"SRE Weekly Issue #287","date":"September 20, 2021","format":false,"excerpt":"View on sreweekly.com A message from our sponsor, StackHawk: Trying to figure out how to keep your APIs secure? You\u2019re not the only one. See how DataRobot is automating API security testing with StackHawk. https:\/\/sthwk.com\/DataRobot Articles Industry Interviews: Colm Doyle, Incident Commander at Slack Lots of details about how Slack\u2026","rel":"","context":"In "SRE"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":269,"url":"https:\/\/fde.cat\/index.php\/2021\/08\/31\/sre-weekly-issue-257\/","url_meta":{"origin":336,"position":1},"title":"SRE Weekly Issue #257","date":"August 31, 2021","format":false,"excerpt":"View on sreweekly.com A message from our sponsor, StackHawk: Keeping your APIs secure requires thoughtful design and testing. Learn how to protect your REST, SOAP and GraphQL APIs from security vulnerabilities with StackHawk http:\/\/sthwk.com\/api-protection Articles Sometimes alerts have inobvious reasons for existing This one really got me thinking. Make sure\u2026","rel":"","context":"In "SRE"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":327,"url":"https:\/\/fde.cat\/index.php\/2021\/08\/31\/sre-weekly-issue-277\/","url_meta":{"origin":336,"position":2},"title":"SRE Weekly Issue #277","date":"August 31, 2021","format":false,"excerpt":"View on sreweekly.com A message from our sponsor, StackHawk: Planelty saved weeks of work by implementing StackHawk instead of building an internal ZAP service. See how: https:\/\/sthwk.com\/planetly-stackhawk Articles FINRA Orders Record Financial Penalties Against Robinhood Financial LLC Remember all those Robinhood outages? The US financial regulatory agency is making Robinhood\u2026","rel":"","context":"In "SRE"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":282,"url":"https:\/\/fde.cat\/index.php\/2021\/08\/31\/sre-weekly-issue-261\/","url_meta":{"origin":336,"position":3},"title":"SRE Weekly Issue #261","date":"August 31, 2021","format":false,"excerpt":"View on sreweekly.com A message from our sponsor, StackHawk: Join Snyk and StackHawk on March 18 as they walk through how to use Software Composition Analysis (SCA) and Dynamic Application Security Testing (DAST) in CI\/CD to ship more secure applications. http:\/\/sthwk.com\/snyk-stackhawk-webinar Articles What Do Fighter Pilots and Incident Management Have\u2026","rel":"","context":"In "SRE"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":297,"url":"https:\/\/fde.cat\/index.php\/2021\/08\/31\/sre-weekly-issue-265\/","url_meta":{"origin":336,"position":4},"title":"SRE Weekly Issue #265","date":"August 31, 2021","format":false,"excerpt":"View on sreweekly.com A message from our sponsor, StackHawk: Join StackHawk and WhiteSource tomorrow morning to learn about automated security testing in the DevOps pipeline. With automated dynamic testing and software composition analysis, you can be sure you\u2019re shipping secure APIs and applications. Grab your spot: http:\/\/sthwk.com\/stackhawk-whitesource Articles Insights into\u2026","rel":"","context":"In "SRE"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":350,"url":"https:\/\/fde.cat\/index.php\/2021\/08\/31\/sre-weekly-issue-284\/","url_meta":{"origin":336,"position":5},"title":"SRE Weekly Issue #284","date":"August 31, 2021","format":false,"excerpt":"View on sreweekly.com Like last week, I prepared this week\u2019s issue in advance, so no Outages section.\u00a0 Have a great week! A message from our sponsor, StackHawk: Trying to automate application and API security testing? See how StackHawk and Burp Suite Enterprise stack up: https:\/\/sthwk.com\/burp-enterprise Articles Alerting on SLOs like\u2026","rel":"","context":"In "SRE"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts\/336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/comments?post=336"}],"version-history":[{"count":1,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts\/336\/revisions"}],"predecessor-version":[{"id":374,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/posts\/336\/revisions\/374"}],"wp:attachment":[{"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/media?parent=336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/categories?post=336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fde.cat\/index.php\/wp-json\/wp\/v2\/tags?post=336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}